falcon-image-analyzer pod produces error logs.

[Blizter]

Hello,

Note: this is a duplicate of CrowdStrike/falcon-operator#598 because I don't know if the error is due to the operator or the helm charts.

I am currently working on setting the image analyzer on our Infra, however I am facing a situation where we are able to pull the image from our private registry (after pull from CS then retagging). When deploying the image analyzer using the helm charts I get the following log in the falcon-image-analyzer :

time="2024-11-20T18:09:23Z" level=info msg="starting ivan agent" commit=ea8a0297f66119dfe6fc76920719881b6562b5c3 os=linux mode=watcher version=1.0.9 architecture=amd64
time="2024-11-20T18:09:23Z" level=info msg="successful cleanup on start" version=1.0.9 architecture=amd64 commit=ea8a0297f66119dfe6fc76920719881b6562b5c3 os=linux mode=watcher
time="2024-11-20T18:09:23Z" level=info msg="server_version = v1.29.8-eks-a737599" mode=watcher
time="2024-11-20T18:09:23Z" level=info msg="getting inventory config" mode=watcher
time="2024-11-20T18:09:23Z" level=error msg="error getting imageanalyzer config. will try again" error="unable to get JWT: unable to refresh JWT from crowdstrike: unable to complete request to crowdstrike Auth: Post \"/oauth2/token\": unsupported protocol scheme \"\"" mode=watcher
time="2024-11-20T18:09:53Z" level=info msg="getting inventory config" mode=watcher
time="2024-11-20T18:09:53Z" level=error msg="error getting imageanalyzer config. will try again" mode=watcher error="unable to get JWT: unable to refresh JWT from crowdstrike: unable to complete request to crowdstrike Auth: Post \"/oauth2/token\": unsupported protocol scheme \"\""
time="2024-11-20T18:10:23Z" level=info msg="getting inventory config" mode=watcher
time="2024-11-20T18:10:23Z" level=error msg="error getting imageanalyzer config. will try again" error="unable to get JWT: unable to refresh JWT from crowdstrike: unable to complete request to crowdstrike Auth: Post \"/oauth2/token\": unsupported protocol scheme \"\"" mode=watcher
time="2024-11-20T18:10:53Z" level=info msg="getting inventory config" mode=watcher
time="2024-11-20T18:10:53Z" level=error msg="error getting imageanalyzer config. will try again" mode=watcher error="unable to get JWT: unable to refresh JWT from crowdstrike: unable to complete request to crowdstrike Auth: Post \"/oauth2/token\": unsupported protocol scheme \"\""
time="2024-11-20T18:11:23Z" level=info msg="getting inventory config" mode=watcher
time="2024-11-20T18:11:23Z" level=error msg="error getting imageanalyzer config. will try again" mode=watcher error="unable to get JWT: unable to refresh JWT from crowdstrike: unable to complete request to crowdstrike Auth: Post \"/oauth2/token\": unsupported protocol scheme \"\""

here is the content of the values.yaml provided to the helm charts :

deployment:
  enabled: true
scanStats:
  enabled: true

image:
  repository: <private repo address>
  tag: 1.0.9
crowdstrikeConfig:
  clientID: <client id created for IAR>
  clientSecret: <client secret created for IAR>
  clusterName: <CLuster name>
  env: <us-1 or us-2 or auto? >
  cid: <CID>
  dockerAPIToken: <Docker api token>

serviceAccount:
  name: <sa name>
  annotations:
    <role ARN>

priorityClassName: "be-high"

Are we missing something?

I have been scratching my head since Monday, We checked several time the client id/secret scopes, the configs the doc, etc.

I saw CrowdStrike/falcon-operator#571 and wondering if something is missing on the doc side that is creating this situation

Thank you for your help.

[evanstoner]

Hey @Blizter -- you have crowdstrikeConfig.env but it looks like the correct property for the IAR chart is crowdstrikeConfig.agentRegion: https://github.com/CrowdStrike/falcon-helm/tree/main/helm-charts/falcon-image-analyzer

Also note that only the latest release of this chart supports auto: https://github.com/CrowdStrike/falcon-helm/releases/tag/falcon-image-analyzer-1.1.10

Apologies for the confusion as I see some other charts do use env.

[evanstoner]

@Blizter Were you able to get this working?